Occasionally we test our software products for viruses and other malware on sites such as Virus Total. Sites like these offer a free online malware scan of a URL or file with a very wide range of anti-malware products. So far so good, but the problem is that almost every time, some random antivirus vendor detects our software as some generic virus.
These false positives never come from big players such as Symantec, McAfee or AVG. Why? Because they have a very large customer base, and every time there is a false positive, there are many upset customers, and upset customers are bad business.
Some antivirus companies, like IKARUS GmbH, have a URL or email address where you can send in what you believe is a false positive. They usually react quickly, and your false positive is out of their database in the next update.
And there are antivirus vendors like Trend Micro, who employ more than 4000 people, and they do not accept false positive samples from people or organizations that have not bought their antivirus products. You can see this if you do a Google search on Trend Micro False Positive.
What can you do if your antivirus software is detecting our or any other software as a virus, and the vendor does not provide any means by which a false positive sample can be submitted? Contact your antivirus vendor, or switch to another vendor. Why are you using an antivirus product that cannot tell what is malware and what is not?
Another poor example was Clam AntiVirus, which is now removed from the Virus Total antivirus list. Their problem was that too many false positive requests made the support queue so long that they couldn't keep up with processing the removal requests. They were processing requests that were more than 1/2 year old. Nightly builds, I am talking to you! Check out the ClamAV virus and not-a-virus submission form. The line that says it all:
Because of a high number of submitters, please do not submit more than two files per day.
Also, the basic test any anti-malware can do is to check for a Digital Signature. All of our software is digitally signed with a valid Digital Signature, and malware with a valid Digital Signature is a super-very rare thing.